Abstract
The notion of worm-killing worm has been in the folklore for some time. However the obvious fear of the killer worm itself being compromised, or of any self-propagating code set loose (possibly over administrative boundaries), has barred serious exploration on the practical aspects of the idea. In this paper, we suspend such concerns momentarily, and investigate its functional validity. This effort is motivated by recent fast worm epidemics exemplified by that of SQL Slammer, which was overwhelmingly faster than traditional human-intervened response. Specifically, this paper evaluates the killer worm in terms of the prevention effect and the incurred traffic cost. Above and beyond, we consider supplementary techniques that could boost the performance and mitigate the harmful side-effects of the worm-killing worm.
Original language | English |
---|---|
Pages (from-to) | 1902-1906 |
Number of pages | 5 |
Journal | Conference Record - International Conference on Communications |
Volume | 4 |
State | Published - 2004 |
Event | 2004 IEEE International Conference on Communications - Paris, France Duration: 20 Jun 2004 → 24 Jun 2004 |
Keywords
- Bandwidth
- Epidemic
- Prevention
- Speed
- Worm